Before IBM® QRadar® can collect events from Palo Alto Endpoint Security Manager, you must configure Palo Alto Endpoint Security Manager to send events to QRadar.
Procedure
- Log in to the Endpoint Security Manager (ESM) Console.
- Click .
- Click Syslog, and then select Enable Syslog.
- Configure the syslog parameters:
| Parameter | Value |
| --- | --- |
| Syslog Server | Host name or IP address of the QRadar server. |
| Syslog Port | 514 |
| Syslog Protocol | LEEF |
| Keep-alive-timeout | 0 |
| Send reports interval | Frequency (in minutes) at which Traps sends logs from the endpoint. The default is 10. The range is 1 - 2,147,483,647. |
| Syslog Communication Protocol | Transport layer protocol that the ESM Console uses to send syslog reports: UDP, TCP, or TCP with SSL. |
- In the Logging Events area, select the types of events that you want to send to QRadar.
- Click Check Connectivity. The ESM Console sends a test communication to the syslog server by using the information on the Syslog page. If the test message is not received, verify that the settings are correct, and then try again.
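
To confirm that a line captured on the syslog port is actually LEEF (the Syslog Protocol value in the table above) and not another format, the following check parses the LEEF 1.0 or 2.0 header and its attributes. This is an added example, not part of the IBM or Palo Alto documentation; the sample lines, the host name `esm-host`, and the vendor, product and attribute values are constructed placeholders, not what the ESM Console sends.

```python
import re

# A syslog prefix (priority, timestamp, host) may precede the LEEF header.
LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")
HEX_DELIM = re.compile(r"(?:0x|x)([0-9A-Fa-f]{1,4})")

def parse_leef(line):
    """Return (header, attributes) for a LEEF 1.0/2.0 line, else raise ValueError."""
    m = LEEF_START.search(line)
    if not m:
        raise ValueError("no LEEF header found; check the Syslog Protocol setting")
    version = m.group(1)
    # LEEF 1.0 has 5 pipe-separated header fields; LEEF 2.0 adds a delimiter field.
    nfields = 5 if version == "1.0" else 6
    parts = line[m.start():].rstrip("\r\n").split("|", nfields)
    if len(parts) <= nfields:
        raise ValueError("truncated LEEF header")
    names = ("vendor", "product", "product_version", "event_id")
    header = dict(zip(names, parts[1:5]), leef_version=version)
    delim = "\t"  # default attribute separator
    if version == "2.0" and parts[5]:
        # LEEF 2.0 delimiter: a literal character or a hex code such as x5E / 0x5E.
        hexm = HEX_DELIM.fullmatch(parts[5])
        delim = chr(int(hexm.group(1), 16)) if hexm else parts[5]
    attrs = {}
    for pair in parts[nfields].split(delim):
        key, sep, value = pair.partition("=")
        if sep:
            attrs[key] = value
    return header, attrs

def is_leef(line):
    """True when the line carries a complete LEEF header."""
    try:
        parse_leef(line)
        return True
    except ValueError:
        return False

# Constructed sample lines; vendor, product and attribute values are placeholders.
SAMPLE_V1 = ("<14>Jan  1 00:00:00 esm-host LEEF:1.0|ExampleVendor|ExampleProduct|"
             "1.0|TestEvent|src=192.0.2.10\tsev=2\tmsg=connectivity test")
SAMPLE_V2 = "LEEF:2.0|ExampleVendor|ExampleProduct|1.0|TestEvent|x5E|src=192.0.2.10^sev=2"
SAMPLE_CEF = "<14>Jan  1 00:00:00 esm-host CEF:0|ExampleVendor|ExampleProduct|1.0|100|Test|2|"

if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V2, SAMPLE_CEF):
        print(is_leef(sample), sample[:60])
```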